Forescout’s 2026 Riskiest Connected Devices Report Highlights 11 New Device Types as Network Infrastructure Surpasses Endpoints in Overall Risk

Forescout Technologies Inc., a global leader in cybersecurity, released its “ Riskiest Connected Devices in 2026” report from Forescout Research – Vedere Labs, an analysis of millions of devices in Forescout’s Device Cloud using a multifactor risk scoring methodology to identify the most at-risk device types in enterprise networks.

Also Read: CIO Influence Interview with Gihan Munasinghe, CTO of One Identity

This year’s report highlights a surge in newly identified high-risk device types, with 11 appearing on the riskiest list for the first time, including serial-to-IP converters, time clocks, RFID readers, BACnet routers and medical image printers. The findings continue a significant shift first observed last year. The rate of change has accelerated sharply, as 40% of the riskiest device types were not on the list last year, and 75% were not on the list just two years ago. Together, these results show risk spreading across a broader set of device categories that are often harder to inventory, harden, or patch consistently.

Download the full report and read the accompanying blog.

“Organizations are connecting more specialized devices than ever, many of which are unmanaged and unagented, and adversaries are evolving their attacks accordingly,” said Barry Mainz, CEO, Forescout. “Threat actors are increasingly exploiting east-west traffic and could target emerging device categories like serial-to-IP converters, medication dispensing systems, and RFID readers. These devices serve as softer points of entry to the network due to limited hardening, inconsistent patching, widespread use of default credentials, and embedded management interfaces that are rarely monitored compared to traditional endpoints. Once a foothold is gained through one of these devices, attackers move laterally across networks to evade traditional, perimeter-focused security layers. In today’s threat landscape, containment is the new control. The ability to automatically contain the blast radius is critical for effective, modern cybersecurity.”

Key Findings of the 2026 Riskiest Devices Report

Riskiest devices across IT, OT, IoT, and IoMT saw significant shifts.

• 11 new device types appear on the riskiest devices list for the first time:
  • Serial-to-IP Converters and Workstations (IT)
  • Printers, Time Clocks, and RFID Readers (IoT)
  • Power Distribution Units (PDUs), I/O Modules, and BACnet Routers (OT)
  • Medication Dispensing Systems, Medical Image Printers, and DICOM Gateways (IoMT)
• 75% of the riskiest device types were not on the list just two years ago, and 40% are new to the list this year.
• Network infrastructure devices now represent the highest risk overall, surpassing traditional endpoints across several categories.
• Routers surpassed computers and now account for one-third of the most critical vulnerabilities in organizational networks. Routers and switches average nearly 32 vulnerabilities per device.

The end of Windows 10 support is accelerating legacy operating system exposure.

• Legacy Windows operating systems are most prevalent in retail (39%), healthcare (35%), and financial services (29%).
• Printers, switches, and IP phones most commonly run outdated or unsupported firmware and are often overlooked in patch management programs.

Protocol exposure is shifting from IT to embedded management access.

• SSH is now the second most common protocol observed, with rising usage in nearly every sector analyzed except retail.
• Telnet usage, despite being unencrypted and often found on legacy OT and IoT devices, rose significantly across most sectors.
• Telnet exposure in financial services rose from 3% to 12%; manufacturing exposure increased from 5% to 12% and healthcare increased from 6% to 8%.

“The pattern is clear: attackers are testing the edges and targeting devices that bridge or integrate multiple environments, including special-purpose operating systems, embedded management interfaces, and devices that often fall outside standard patch cycles,” said Daniel dos Santos, VP of Research at Forescout. “We are seeing ransomware threat actors leveraging routers and IP cameras, while malware jumps from IT networks into OT workstations and even medical systems. Defenders need security strategies that can identify, prioritize and reduce risk across IT, OT, IoT, and IoMT domains, combined with automated controls that can adapt as the connected devices in their environment shift.”

Catch more CIO Insights: CIO as Orchestrator of Cross-Functional Digital Strategy

[To share your insights with us, please write to psen@itechseries.com ]